Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-29 06:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
8eb613c0b8
linux/security/integrity
History
Mimi Zohar 8eb613c0b8 ima: verify mprotect change is consistent with mmap policy 
Files can be mmap'ed read/write and later changed to execute to circumvent
IMA's mmap appraise policy rules.  Due to locking issues (mmap semaphore
would be taken prior to i_mutex), files can not be measured or appraised at
this point.  Eliminate this integrity gap, by denying the mprotect
PROT_EXECUTE change, if an mmap appraise policy rule exists.

On mprotect change success, return 0.  On failure, return -EACESS.

Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-22 14:41:04 -04:00
..
evm evm: Fix possible memory leak in evm_calc_hmac_or_hash() 2020-05-07 23:36:25 -04:00
ima ima: verify mprotect change is consistent with mmap policy 2020-05-22 14:41:04 -04:00
platform_certs EFI updates for v5.7: 2020-02-26 15:21:22 +01:00
digsig_asymmetric.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
digsig.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
iint.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
integrity_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
integrity.h integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00